Cisco ASA 5505 Limitation - no DMZ

If your ASA 5505 has the security bundle license it has the DMZ capabilities. You can define the interface in the command line:

interface fa0/7
switchport access vlan 3
no shut

interface vlan 3
ip address 192.168.110.1 255.255.255.0
nameif dmz
security-level 50
no shut

If you don't have the security bundle license you will get this error:

ERROR: This license does not allow configuring more than 2 interfaces with
nameif and without a "no forward" command on this interface or on 1 interface(s)
with nameif already configured.

This is an excerpt of the show ver output:

Licensed features for this platform:
Maximum Physical Interfaces    : 8
VLANs                          : 3, DMZ Restricted
Inside Hosts                   : 10

So even though it indicates the 3rd interface can be created; its crippled. This may not seem like a big deal for a license that only supports 10 inside mac addresses; but there are certain situations where you may have a server or workstation that needs to be isolated for example from the rest of the lan.

Main menu

Secondary menu

Cisco ASA 5505 Limitation - no DMZ

Over 17 Years Experience

Richmond

Go Social!

Email